Failed to bind to directory with bind information: Handshake err
After upgrading the LDAP server to use SSL, the user gets errors when trying to connect to Pega.
Failed to bind to directory using bind information. Is the distinguished name similar to "cn=Admin"? javax.naming.CommunicationException: simple bind failed: ab-ldap-cd.efgh.ijk.lm:636 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]
Server debug log:
[6/09/17 11:29:47:888 EST] 00000236 SystemOut O WebContainer : 1, READ: SSLv3 Alert, length = 2
[6/09/17 11:29:47:888 EST] 00000236 SystemOut O WebContainer : 1, RECV TLSv1 ALERT: fatal, handshake_failure
[6/09/17 11:29:47:889 EST] 00000236 SystemOut O WebContainer : 1, called closeSocket()
[6/09/17 11:29:47:889 EST] 00000236 SystemOut O WebContainer : 1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[6/09/17 11:29:47:891 EST] 000000af SystemOut O 2017-09-06 11:29:47,891 [ WebContainer : 1] [TABTHREAD1] [ ] [ PegaRULES:07.10] (.Data_Admin_AuthService.Action) ERROR xx-xx-pega01|123.12.xxx [email protected] - Data-Admin-AuthService WebLDAP1: Failed to create directory context anonymously. Anonymous bind may not be supported. CONTINUING TEST... javax.naming.CommunicationException: anonymous bind failed: ab-abcd-ef.ghij.klm.no:636 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]
[6/09/17 11:29:47:892 EST] 00000236 SystemOut O adding as trusted cert:
Steps to Reproduce
Navigate to Record > SysAdmin > Create > SysAdmin > Authentication Services.
A defect in Pegasystems’ code or rules:
The user gets an SSLHandshakeException when connecting to the LDAP directory server from the Pega client because the client is not able to downgrade or upgrade the SSL protocol version.
Perform the following local-change:
1. Override the pySSLProtocol value by hardcoding it to "TLSv1.2".
Read the protocol version from the RASS setting in this way: @getRuleSystemSetting("Pega-IntegrationArchitect", "pyLowestAllowableTLSVersion"), in the pyDefault Data Transform of the 'Data-Admin-AuthService' class, as it is available.
2. Create a new Authenticate Service Rule and test connectivity.
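Before pinning pySSLProtocol, it helps to confirm which protocol versions the LDAPS endpoint actually accepts. The following is an added example, not part of the original article or of Pega's code: it offers exactly one TLS version per connection and records the outcome. The function names, the optional cafile argument (for a private CA) and the command-line usage are assumptions of this example.

```python
import socket
import ssl
import sys
import warnings

# TLS versions to offer, oldest first.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]


def pinned_context(version, cafile=None):
    """Client context that offers exactly one TLS version."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    with warnings.catch_warnings():
        # Python warns when TLS 1.0/1.1 are selected; expected for a probe.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    return ctx


def probe(host, port=636, timeout=5.0, cafile=None):
    """Return {version name: outcome} for one LDAPS endpoint."""
    results = {}
    for version in VERSIONS:
        try:
            ctx = pinned_context(version, cafile)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[version.name] = "accepted (" + tls.cipher()[0] + ")"
        except ssl.SSLCertVerificationError as exc:
            # Trust problem, not a protocol problem: check the trust store.
            results[version.name] = "certificate not trusted: " + exc.verify_message
        except ssl.SSLError as exc:
            # A server-side handshake_failure alert surfaces here. A local
            # OpenSSL policy that disables old versions also lands here.
            results[version.name] = "handshake rejected: " + str(exc.reason)
        except (OSError, ValueError) as exc:
            results[version.name] = "no connection: " + str(exc)
    return results


if __name__ == "__main__":
    # Usage: python probe_ldaps.py <ldaps-host> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    for name, outcome in probe(sys.argv[1], target_port).items():
        print(name, "->", outcome)
```

If only TLSv1_2 (or later) is reported as accepted, the handshake_failure in the log is consistent with the client offering an older version than the upgraded server allows.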